Merge pull request #271745 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/load-balancer/load-balancer-outbound-connections.md

@@ -62,6 +62,8 @@ Azure NAT Gateway simplifies outbound-only Internet connectivity for virtual net
 
 Using a NAT gateway is the best method for outbound connectivity. A NAT gateway is highly extensible, reliable, and doesn't have the same concerns of SNAT port exhaustion.
 
+NAT gateway takes precedence over other outbound connectivity methods, including a load balancer, instance-level public IP addresses, and Azure Firewall.
+
 For more information about Azure NAT Gateway, see [What is Azure NAT Gateway](../virtual-network/nat-gateway/nat-overview.md).
 
 ##  3. Assign a public IP to the virtual machine
@@ -74,7 +76,7 @@ For more information about Azure NAT Gateway, see [What is Azure NAT Gateway](..
 
 Traffic returns to the requesting client from the virtual machine's public IP address (Instance Level IP).
 
-Azure uses the public IP assigned to the IP configuration of the instance's NIC for all outbound flows. The instance has all ephemeral ports available. It doesn't matter whether the VM is load balanced or not. This scenario takes precedence over the others. 
+Azure uses the public IP assigned to the IP configuration of the instance's NIC for all outbound flows. The instance has all ephemeral ports available. It doesn't matter whether the VM is load balanced or not. This scenario takes precedence over the others, except for NAT Gateway. 
 
 A public IP assigned to a VM is a 1:1 relationship (rather than 1: many) and implemented as a stateless 1:1 NAT.
 

articles/machine-learning/reference-yaml-job-parallel.md

@@ -36,6 +36,7 @@ ms.date: 09/27/2022
 | `task` | object | **Required.** The template for defining the distributed tasks for parallel job. See [Attributes of the `task` key](#attributes-of-the-task-key).|||
 |`input_data`| object | **Required.**  Define which input data will be split into mini-batches to run the parallel job. Only applicable for referencing one of the parallel job `inputs` by using the `${{ inputs.<input_name> }}` expression|||
 | `mini_batch_size` | string | Define the size of each mini-batch to split the input.<br><br> If the input_data is a folder or set of files, this number defines the **file count** for each mini-batch. For example, 10, 100.<br>If the input_data is a tabular data from `mltable`, this number defines the proximate physical size for each mini-batch. For example, 100 kb, 100 mb. ||1|
+| `partition_keys` | list | The keys used to partition dataset into mini-batches.<br><br>If specified, the data with the same key will be partitioned into the same mini-batch. If both `partition_keys` and `mini_batch_size` are specified, the partition keys will take effect. |||
 | `mini_batch_error_threshold` | integer | Define the number of failed mini batches that could be ignored in this parallel job. If the count of failed mini-batch is higher than this threshold, the parallel job will be marked as failed.<br><br>Mini-batch is marked as failed if:<br> - the count of return from run() is less than mini-batch input count. <br> - catch exceptions in custom run() code.<br><br> "-1" is the default number, which means to ignore all failed mini-batch during parallel job.|[-1, int.max]|-1|
 | `logging_level` | string | Define which level of logs will be dumped to user log files. |INFO, WARNING, DEBUG|INFO|
 | `resources.instance_count` | integer | The number of nodes to use for the job. | | 1 |

articles/private-link/private-endpoint-dns.md

@@ -343,7 +343,7 @@ For Azure services, use the recommended zone names as described in the following
 >[!div class="mx-tdBreakAll"]
 >| Private link resource type | Subresource | Private DNS zone name | Public DNS zone forwarders |
 >|---|---|---|---|
->| Azure Search (Microsoft.Search/searchServices) | searchService | privatelink.search.windows.us | search.windows.us |
+>| Azure Search (Microsoft.Search/searchServices) | searchService | privatelink.search.azure.us | search.azure.us |
 >| Azure Relay (Microsoft.Relay/namespaces) | namespace | privatelink.servicebus.usgovcloudapi.net | servicebus.usgovcloudapi.net |
 >| Azure Web Apps (Microsoft.Web/sites) | sites | privatelink.azurewebsites.us </br> scm.privatelink.azurewebsites.us | azurewebsites.us </br> scm.azurewebsites.us |
 >| Azure Event Hubs (Microsoft.EventHub/namespaces) | namespace | privatelink.servicebus.usgovcloudapi.net | servicebus.usgovcloudapi.net | 

articles/sentinel/sap/configure-audit.md

@@ -90,72 +90,15 @@ Track your SAP solution deployment journey through this series of articles:
 
 1. Under **Event Selection**, choose **Classic event selection** and select all the event types in the list. 
 
-    Alternatively, choose **Detail event selection**, review the list of message IDs listed in the [Recommended audit categories](#recommended-audit-categories) section of this article, and configure them in **Detail event selection**.
-
 1. Select **Save**.
 
     ![Screenshot showing Static profile settings.](./media/configure-audit/create-profile-settings.png)
 
 1. You'll see that the **Static Configuration** section displays the newly created profile. Right-click the profile and select **Activate**.
 
 1. In the confirmation window select **Yes** to activate the newly created profile.
-
-### Recommended audit categories
-
-The following table lists Message IDs used by the Microsoft Sentinel solution for SAP® applications. In order for analytics rules to detect events properly, we strongly recommend configuring an audit policy that includes the message IDs listed below as a minimum.
-
-| Message ID | Message text | Category name | Event Weighting | Class Used in Rules |
-| - | - | - | - | - |
-| AU1 | Logon successful (type=&A, method=&C) | Logon | Severe | Used |
-| AU2 | Logon failed (reason=&B, type=&A, method=&C) | Logon | Critical | Used |
-| AU3 | Transaction &A started. | Transaction Start | Non-Critical | Used |
-| AU5 | RFC/CPIC logon successful (type=&A, method=&C) | RFC Login | Non-Critical | Used |
-| AU6 | RFC/CPIC logon failed, reason=&B, type=&A, method=&C | RFC Login | Critical | Used |
-| AU7 | User &A created. | User Master Record Change | Critical | Used |
-| AU8 | User &A deleted. | User Master Record Change | Severe | Used |
-| AU9 | User &A locked. | User Master Record Change | Severe | Used |
-| AUA | User &A unlocked. | User Master Record Change | Severe | Used |
-| AUB | Authorizations for user &A changed. | User Master Record Change | Severe | Used |
-| AUD | User master record &A changed. | User Master Record Change | Severe | Used |
-| AUE | Audit configuration changed | System | Critical | Used |
-| AUF | Audit: Slot &A: Class &B, Severity &C, User &D, Client &E, &F | System | Critical | Used |
-| AUG | Application server started | System | Critical | Used |
-| AUI | Audit: Slot &A Inactive | System | Critical | Used |
-| AUJ | Audit: Active status set to &1 | System | Critical with Monitor Alert | Used |
-| AUK | Successful RFC call &C (function group = &A) | RFC Start | Non-Critical | Used |
-| AUM | User &B locked in client &A after errors in password checks | Logon | Critical with Monitor Alert | Used |
-| AUO | Logon failed (reason = &B, type = &A) | Logon | Severe | Used |
-| AUP | Transaction &A locked | Transaction Start | Severe | Used |
-| AUQ | Transaction &A unlocked | Transaction Start | Severe | Used |
-| AUR | &A &B created | User Master Record Change | Severe | Used |
-| AUT | &A &B changed | User Master Record Change | Severe | Used |
-| AUW | Report &A started | Report Start | Non-Critical | Used |
-| AUY | Download &A Bytes to File &C | Other | Severe | Used |
-| BU1 | Password check failed for user &B in client &A | Other | Critical with Monitor Alert | Used |
-| BU2 | Password changed for user &B in client &A | User Master Record Change | Non-Critical | Used |
-| BU4 | Dynamic ABAP code: Event &A, event type &B, check total &C | Other | Non-Critical | Used |
-| BUG | HTTP Security Session Management was deactivated for client &A. | Other | Critical with Monitor Alert | Used |
-| BUI | SPNego replay attack detected (UPN=&A) | Logon | Critical | Used |
-| BUV | Invalid hash value &A. The context contains &B. | User Master Record Change | Critical | Used |
-| BUW | A refresh token issued to client &A was used by client &B. | User Master Record Change | Critical | Used |
-| CUK | C debugging activated | Other | Critical | Used |
-| CUL | Field content in debugger changed by user &A: &B (&C) | Other | Critical | Used |
-| CUM | Jump to ABAP Debugger by user &A: &B (&C) | Other | Critical | Used |
-| CUN | A process was stopped from the debugger by user &A (&C) | Other | Critical | Used |
-| CUO | Explicit database operation in debugger by user &A: &B (&C) | Other | Critical | Used |
-| CUP | Non-exclusive debugging session started by user &A (&C) | Other | Critical | Used |
-| CUS | Logical file name &B is not a valid alias for logical file name &A | Other | Severe | Used |
-| CUZ | Generic table access by RFC to &A with activity &B | RFC Start | Critical | Used |
-| DU1 | FTP server allowlist is empty | RFC Start | Severe | Used |
-| DU2 | FTP server allowlist is non-secure due to use of placeholders | RFC Start | Severe | Used |
-| DU8 | FTP connection request for server &A successful | RFC Start | Non-Critical | Used |
-| DU9 | Generic table access call to &A with activity &B (auth. check: &C ) | Transaction Start | Non-Critical | Used |
-| DUH | OAuth 2.0: Token declared invalid (OAuth client=&A, user=&B, token type=&C) | User Master Record Change | Severe with Monitor Alert | Used |
-| EU1 | System change options changed ( &A to &B ) | System | Critical | Used |
-| EU2 | Client &A settings changed ( &B ) | System | Critical | Used |
-| EUF | Could not call RFC function module &A | RFC Start | Non-Critical | Used |
-| FU0 | Exclusive security audit log medium changed (new status &A) | System | Critical | Used |
-| FU1 | RFC function &B with dynamic destination &C was called in program &A | RFC Start | Non-Critical | Used |
+   > [!NOTE]
+   > Static configuration only takes effect after a system restart. For an immediate setup, create an additional dynamic filter with the same properties, by right clicking the newly created static profile and selecting "apply to dynamic configuration". 
 
 ## Next steps
 

articles/sentinel/sap/sap-deploy-troubleshoot.md

@@ -225,7 +225,7 @@ For more information, see [ValidateSAP environment validation steps](prerequisit
 ### No records / late records
 
 The agent relies on time zone information to be correct. If you see that there are no records in the SAP audit and change logs, or if records are constantly a few hours behind, check if SAP report TZCUSTHELP presents any errors. Follow [SAP note 481835](<https://me.sap.com/notes/481835/E>) for more details.
-
+Additionally, there can be issues with the clock on the VM where the Microsoft Sentinel solution for SAP® applications agent is hosted. Any deviation of the VM's clock from UTC will impact data collection. More importantly, the SAP VM's clock and the Sentinel agent's VM's clock should match.
 
 
 ### Network connectivity issues

articles/sentinel/sap/sap-solution-deploy-alternate.md

@@ -94,13 +94,13 @@ az keyvault secret set \
 
 #Add Azure Log ws ID
 az keyvault secret set \
-  --name <SID>-LOG_WS_ID \
+  --name <SID>-LOGWSID \
   --value "<logwsod>" \
   --description SECRET_AZURE_LOG_WS_ID --vault-name $kvname
 
 #Add Azure Log ws public key
 az keyvault secret set \
-  --name <SID>-LOG_WS_PUBLICKEY \
+  --name <SID>-LOGWSPUBLICKEY \
   --value "<loswspubkey>" \
   --description SECRET_AZURE_LOG_WS_PUBLIC_KEY --vault-name $kvname
 ```